PLATFORM: SQL 2008R2 Enterprise 64
Q: Outside vendor that provides our accounting software is requiring access to our database as the dbo user (the useer that is the database owner) to perform data changes directly as part of an upgrade. They say that no schema changes (no DDL commands) will occur but I'd rather they just not be able to execute any DDL commands (or DCl) anyway, limiting their access to DML command within the database.
SInce the actual dbo user is fixed and based on what I understand, not something you can change security/access wise, my thought was to create a user and make them a member of the db_owner role and then restrict their access so as to disable the ability to change the schema.
Thoughts? Is there a better way to do this, to provide db owner access for DML commnands only?
Just say No to Facebook!